salt.proxy.nxos module

Proxy Minion for Cisco NX OS Switches

The Cisco NX OS Proxy Minion uses the built in SSHConnection module in salt.utils.vt_helper

To configure the proxy minion:

proxy:
  proxytype: nxos
  host: 192.168.187.100
  username: admin
  password: admin
  prompt_name: switch
  ssh_args: '-o PubkeyAuthentication=no'
  key_accept: True
proxytype

(REQUIRED) Use this proxy minion nxos

host

(REQUIRED) ip address or hostname to connect to

username

(REQUIRED) username to login with

password

(REQUIRED) password to use to login with

prompt_name

(REQUIRED, this or prompt_regex below, but not both) The name in the prompt on the switch. Recommended to use your device's hostname.

prompt_regex

(REQUIRED, this or prompt_name above, but not both) A regular expression that matches the prompt on the switch and any other possible prompt at which you need the proxy minion to continue sending input. This feature was specifically developed for situations where the switch may ask for confirmation. prompt_name above would not match these, and so the session would timeout.

Example:

dc01-switch-01#.*|\(y\/n\)\?.*

This should match

dc01-switch-01#

or

Flash complete.  Reboot this switch (y/n)? [n]

If neither prompt_name nor prompt_regex is specified the prompt will be defaulted to

.+#$

which should match any number of characters followed by a # at the end of the line. This may be far too liberal for most installations.

ssh_args

Any extra args to use to connect to the switch.

key_accept

Whether or not to accept a the host key of the switch on initial login. Defaults to False.

The functions from the proxy minion can be run from the salt commandline using the salt.modules.nxos execution module.

salt.proxy.nxos.add_config(lines)

Add one or more config lines to the switch running config

salt '*' nxos.cmd add_config 'snmp-server community TESTSTRINGHERE group network-operator'

Note

For more than one config added per command, lines should be a list.

salt.proxy.nxos.check_password(username, password, encrypted=False)

Check if passed password is the one assigned to user

salt '*' nxos.cmd check_password username=admin password=admin
salt '*' nxos.cmd check_password username=admin \
    password='$5$2fWwO2vK$s7.Hr3YltMNHuhywQQ3nfOd.gAPHgs3SOBYYdGT3E.A' \
    encrypted=True
salt.proxy.nxos.check_role(username, role)

Check if user is assigned a specific role on switch

salt '*' nxos.cmd check_role username=admin role=network-admin
salt.proxy.nxos.delete_config(lines)

Delete one or more config lines to the switch running config

salt '*' nxos.cmd delete_config 'snmp-server community TESTSTRINGHERE group network-operator'

Note

For more than one config deleted per command, lines should be a list.

salt.proxy.nxos.find(pattern)

Find all instances where the pattern is in the running command

salt '*' nxos.cmd find '^snmp-server.*$'

Note

This uses the re.MULTILINE regex format for python, and runs the regex against the whole show_run output.

salt.proxy.nxos.get_roles(username)

Get roles that the username is assigned from switch

salt '*' nxos.cmd get_roles username=admin
salt.proxy.nxos.get_user(username)

Get username line from switch

salt '*' nxos.cmd get_user username=admin
salt.proxy.nxos.grains()

Get grains for proxy minion

salt '*' nxos.cmd grains
salt.proxy.nxos.grains_refresh()

Refresh the grains from the proxy device.

salt '*' nxos.cmd grains_refresh
salt.proxy.nxos.init(opts=None)

Required. Can be used to initialize the server connection.

salt.proxy.nxos.initialized()
salt.proxy.nxos.ping()

Ping the device on the other end of the connection

salt '*' nxos.cmd ping
salt.proxy.nxos.remove_user(username)

Remove user from switch

salt '*' nxos.cmd remove_user username=daniel
salt.proxy.nxos.replace(old_value, new_value, full_match=False)

Replace string or full line matches in switch's running config

If full_match is set to True, then the whole line will need to be matched as part of the old value.

salt '*' nxos.cmd replace 'TESTSTRINGHERE' 'NEWTESTSTRINGHERE'
salt.proxy.nxos.sendline(command)

Run command through switch's cli

salt '*' nxos.cmd sendline 'show run | include "^username admin password"'
salt.proxy.nxos.set_password(username, password, encrypted=False, role=None, crypt_salt=None, algorithm='sha256')

Set users password on switch

salt '*' nxos.cmd set_password admin TestPass
salt '*' nxos.cmd set_password admin \
    password='$5$2fWwO2vK$s7.Hr3YltMNHuhywQQ3nfOd.gAPHgs3SOBYYdGT3E.A' \
    encrypted=True
salt.proxy.nxos.set_role(username, role)

Assign role to username

salt '*' nxos.cmd set_role username=daniel role=vdc-admin
salt.proxy.nxos.show_run()

Shortcut to run show run on switch

salt '*' nxos.cmd show_run
salt.proxy.nxos.show_ver()

Shortcut to run show ver on switch

salt '*' nxos.cmd show_ver
salt.proxy.nxos.shutdown(opts)

Disconnect

salt.proxy.nxos.system_info()

Return system information for grains of the NX OS proxy minion

salt '*' nxos.system_info
salt.proxy.nxos.unset_role(username, role)

Remove role from username

salt '*' nxos.cmd unset_role username=daniel role=vdc-admin